Tuesday, December 30, 2008
Bypassing Websense
Websense is a kind of proxy server that filters request to the internet and will block certain kinds of request - The most common way of blocking is to check the requested url against a black list.
The most common HTTP request is GET and looks like:
GET /path-to-file HTTP/1.0
Simply replacing this with something like the one below seems to confuse Websense, making it to believe that the url is not in the black list.
GET /path-to-file <2048-space> HTTP/1.0
While some web servers are also confused by such a request some others behave normally.
To change the request from the first format to the second one needs some one in between and the easiest is a proxy server and if it's in python it only gets more easier.
TIP: If using windows, the extension of the proxy file can be set as .pyw to run it invisibly.
The browser has to be configured to use a proxy but since some sites doesn't work with this proxy due to the request mangling, it is worth writing a proxy.pac file that uses the proxy only for certain sites.
QuickProxy is a nice add-on for Firefox that makes it easy to switch proxy configuration.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment